See what Klovio costs for your operation. Personalized quote in your inbox in 60 seconds.
ROLES & PERMISSIONS

Give the floor exactlythe access they need.

Role-based access control built for warehouses. Start from a prebuilt role, toggle the exact actions each person can take, and scope it to the sites they actually run — so a picker picks, a site lead manages their site, and nobody touches what they shouldn't.

See pricing
app.klovio.app/settings/roles
ROLES
6
PERMISSIONS
42
SCOPED SITES
3
Permission matrix · Picker role
Adjust stockAllowed
Approve transfersBlocked
Edit master dataBlocked
View costsBlocked
Manage usersBlocked
6
Prebuilt role templates
Picker, receiver, supervisor, manager, admin, and read-only — ready to assign on day one, easy to fork.
40+
Granular permissions
Toggle the exact action — adjust stock, approve transfers, edit master data, view costs — per role.
Per-warehouse scoping
Scope any role to the sites a person runs, so a lead manages their location — and only theirs.
<2min
Time to onboard a hire
Pick a template, scope the site, send the invite. New hires are scanning, not waiting on IT.
Why access control matters

Over-permissioned warehouses leak — quietly.

When everyone can do everything, "small" mistakes add up fast. A temp adjusts the wrong count. A picker approves their own transfer. Someone edits a unit cost they were never supposed to see. None of it is malicious — it's just access nobody scoped. Least privilege isn't a compliance checkbox; it's how you stop errors before they reach your numbers.

The adjustment that shouldn't have happened

A new hire with full access "fixes" a count that wasn't wrong. Now your on-hand is off, the reorder fires early, and you're untangling it three days later.

The site lead managing the wrong site

Without per-warehouse scoping, every manager can touch every location. One typo at the wrong site, and another team's stock is suddenly off the rails.

The costs everyone can see

Unit costs, supplier pricing, and margins don't belong on every screen. When access is all-or-nothing, sensitive data ends up everywhere — and shrink becomes impossible to pin down.

Before vs. after

All-or-nothing access vs. role-based access.

Same team, same warehouses, same work. The only difference is whether access is scoped to the job — or handed out wholesale.

❌ Without roles & permissions
  • One "admin" login shared by half the floor because nobody set up individual access.
  • Everyone can adjust everything. Temps, pickers, and managers all have the same power.
  • No site boundaries. A lead at one location can edit stock at every other location.
  • Costs and margins exposed. Sensitive pricing shows up on screens that never needed it.
  • Onboarding waits on IT. Every new hire is a ticket, a meeting, and a day lost.
  • Discrepancies have no owner. When anyone could have done it, no one is accountable.
✅ With Klovio
  • Every person gets their own login with a role that fits the job — nothing shared.
  • Permissions match the role. Pickers pick. Receivers receive. Only approvers approve.
  • Roles scoped per warehouse. A site lead manages their site — and can't reach the rest.
  • Costs gated by permission. Show margins to the people who need them, hide them from the rest.
  • Onboard in under two minutes. Pick a template, scope the site, send the invite.
  • Every action is attributable. Least privilege plus the audit log means real accountability.
How it works

Three steps to scoped access.

No access-control project. No spreadsheet of who-can-do-what. The shortest path from a new hire to the exact permissions their job needs.

STEP 01

Pick a role template

Start from picker, receiver, supervisor, manager, admin, or read-only. Each comes with sensible permissions out of the box — assign as-is, or fork it to make your own.

6 templates
STEP 02

Toggle the exact permissions

Flip individual actions on or off: adjust stock, approve transfers, edit master data, view costs, manage users. The matrix shows precisely what each role can — and can't — do.

40+ toggles
STEP 03

Scope it to their sites

Bind the role to one warehouse, a region, or all of them. A site lead manages only their location. Assign, invite, done — the person is working in minutes.

per location
The permission matrix

Every action, every role, on one screen.

Permissions in Klovio aren't a vague "level" — they're individual actions you can see and toggle. Open the matrix and the whole picture is in front of you: which roles can adjust stock, who approves transfers, who edits master data, and who can see costs.

  • Toggle by action, not by broad "access level"
  • Fork any template to build a role that fits your floor
  • See conflicts and gaps before you save — no guesswork
  • Changes apply on the next sign-in, across every device
See it pair with the Audit Log →
Permissions · 5 actions × 4 roles
ActionPickerSuper.MgrAdmin
Adjust stock
Approve transfers
Edit master data
View costs
Manage users
Least privilege by default. Add power deliberately, not by accident.
Manager role · scoped access
DH
Daniel H · Manager
Scoped to 1 of 3 warehouses
Houston DCManages
Dallas HubNo access
Austin Cross-dockNo access
Same role. One site. Everything else is invisible.
Per-warehouse scoping

A site lead manages their site — and only theirs.

Roles answer "what can this person do." Scoping answers "where." A manager role at your Houston DC shouldn't be able to reach into Dallas or Austin — and in Klovio, it can't unless you say so.

Bind any role to a single warehouse, a region, or your whole network. The person sees only the sites they're scoped to. No accidental edits across locations, no cross-site confusion, no one stepping on another team's stock.

  • Scope to one site, a region, or all locations
  • Out-of-scope warehouses don't even appear for the user
  • Pairs with multi-warehouse for clean, isolated operations
See Multi-Warehouse →
Under the hood

How a permission check resolves.

From a tap on a handheld to an allow-or-block decision — every action runs through the same three gates, every time, on every device.

ACCESS DECISION From action to allow-or-block Three gates, evaluated on every action. TAP STEP 1 A worker requests an action They tap "Adjust stock" or "Approve transfer." Klovio attaches their role and assigned sites. GATE 1 STEP 2 · ROLE Does the role allow this action? The permission matrix is checked for an explicit "allow" on this exact action. No allow, no go. GATE 2 STEP 3 · SCOPE Is this warehouse in their scope? The target location is matched against the sites the user is bound to. Out of scope means out of reach. Allowed Action runs. Count updates. Both gates passed. Blocked Action stops. Nothing changes. A gate said no. Allowed or blocked, it's logged. Every decision is written to the audit log — user, action, site, and outcome. Accountability, by design.
The specifics

What "roles & permissions" actually means in Klovio.

Related modules

Pairs well with.

Audit Log

Every permission change and every action attributed to a user, time, and site. Least privilege, made accountable.

Learn more →

Multi-Warehouse

Run many sites cleanly. Scope roles per location so each team manages their own warehouse — and only theirs.

Learn more →

Real-time Inventory

Every permitted scan updates the count instantly across every user and device. The number on screen is the number on the shelf.

Learn more →

Give every person exactly the access they need.

20 minutes is all it takes to see Klovio's roles, permissions, and per-warehouse scoping working on your kind of operation.

See pricing